jere2001
(usa Arch Linux)
Enviado em 17/04/2015 - 19:33h
Olá, tenho um Raspberry Pi com o Raspbian instalado. Sou analista de infraestrutura e utilizo ele para brincar com minha rede doméstica enquanto tento aprender mais.
Bom, ele está configurado como proxy da minha rede e opera apenas como cache: não bloqueia nada, serve apenas para dar um up na velocidade.
Porém o maldito não consegue fazer o app do Facebook para Android exibir os vídeos; o access.log apresenta a seguinte linha quando eu clico em "Play":
1429309406.855 113 10.152.240.33 TCP_MISS/503 4053 GET
http://127.0.0.1:55925/cache-thru? - DIRECT/127.0.0.1 text/html
Segue meu squid.conf:
# ---
# Start of configuration
# ---
# --- Port the proxy listens on for client requests
http_port 3128
# ---
# --- Identification
# NOTE(review): both values are printed on Squid-generated error pages, so
# every client that receives an error sees this hostname and mail address.
visible_hostname raspberrypi.jesus.salvador
cache_mgr jeremias@redes.eti.br
# ---
# --- Enable parallel (pipelined) request processing
pipeline_prefetch on
# --- Restart quickly: wait at most 1 second for active clients on shutdown
shutdown_lifetime 1 second
# --- Cache definition: 128 MB of memory cache plus an aufs disk cache of
# --- 5120 MB under /var/spool/squid3 (32 first-level, 256 second-level dirs)
cache_mem 128 MB
cache_dir aufs /var/spool/squid3 5120 32 256
# --- Object size limits in memory and on disk
maximum_object_size_in_memory 4096 KB
maximum_object_size 50 MB
minimum_object_size 0 KB
# heap GDSF: optimises the "hit rate" by keeping small, popular objects
# in the cache, so a larger number of objects is held; they are answered
# from memory instead of being fetched from disk, which gives the user a
# faster response
memory_replacement_policy heap GDSF
# heap LFUDA: optimises the "byte hit rate" by keeping popular objects
# in the cache regardless of their size. If this policy is used,
# maximum_object_size should be raised to get the most out of LFUDA.
cache_replacement_policy heap LFUDA
# --- When objects start being evicted (low/high water marks, percent full)
cache_swap_low 50
cache_swap_high 80
# --- IP (name-to-address) cache
ipcache_size 2048
ipcache_low 98
ipcache_high 99
# --- FQDN (address-to-name) cache
fqdncache_size 2048
# --- Number of rotated log files to keep
logfile_rotate 10
# --- Freshness (TTL) of cached objects; patterns are tried in order and the
# --- first one that matches the URL is used, so the catch-all "." stays last
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
# NOTE(review): as written this matches URLs ending in "Release" or "Package"
# (optionally followed by ".gz"); it cannot match "Packages" or "Packages.gz".
# The distribution's stock rule looks like it is spelled "Packages" - confirm.
refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
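#########################
# --- ACL declarations
#########################
# Cache-manager requests (cache_object:// scheme)
acl manager proto cache_object
# --- Network ACLs
# localhost: requests originating on the proxy host itself
# users:     the LAN clients that are allowed to use the proxy
acl localhost src 127.0.0.1/32
acl users src 10.152.240.32/27
acl dominio-local dstdomain .jesus.salvador
acl All_ports port 1-65535
# Destinations on the proxy host's own loopback. A URL such as
# http://127.0.0.1:<port>/ that a client sends through the proxy is resolved
# on the proxy, not on the client: access.log then shows DIRECT/127.0.0.1, and
# TCP_MISS/503 when nothing listens on that port. The name is deliberately not
# "to_localhost", which some Squid releases predefine. Add ::1 here if the
# build has IPv6 enabled.
acl dst_loopback dst 127.0.0.0/8 0.0.0.0/32
always_direct allow users dominio-local All_ports
# http_access rules are evaluated top-down and the first match decides, so the
# loopback deny has to sit above the blanket allow for the LAN. Without it any
# LAN client can reach services that are bound only to the proxy's loopback.
# NOTE(review): an application that talks to a helper on the client's own
# 127.0.0.1 presumably needs a proxy bypass for loopback on the device; this
# rule turns the 503 into an explicit denial but does not make that work.
http_access deny users dst_loopback
# Cache-only policy: LAN clients may use every method (CONNECT included) and
# every destination port. Nothing further down in the file restricts them.
http_access allow users All_ports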
# --- Port ACLs
#
# --- Secure ports
# NOTE(review): SSL_ports is conventionally the list that CONNECT tunnels are
# limited to. A tunnel is opaque to the proxy, so each extra port here (563,
# 873) is a port a client can reach with arbitrary traffic - confirm they are
# needed.
acl SSL_ports port 443 8443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
# --- Common ports
# NOTE(review): the 1025-65535 range below already covers every individual
# entry above 1024 in this list (6500, 8080, 8181, 37674, 8081, 3456, 3401).
# NOTE(review): 110, 143, 587 and 993 are mail ports; proxies that forward
# requests to mail ports have been abused for relaying, so confirm they are
# really needed before relying on this list as a guard.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # swat
acl Safe_ports port 6500 # Video RNP
acl Safe_ports port 110 # POP
acl Safe_ports port 8080 # Danica
acl Safe_ports port 8181 # Danica
acl Safe_ports port 37674 # Danica
acl Safe_ports port 8081 # Danica
acl Safe_ports port 3456 # Danica
acl Safe_ports port 809 # Danica
acl Safe_ports port 587 # SMTP
acl Safe_ports port 143 # IMAP
acl Safe_ports port 993 # IMAP
acl Safe_ports port 3401 # SNMP squid
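# --- Request-method ACLs used by the http_access rules
acl PURGE method PURGE
acl CONNECT method CONNECT
# --- SNMP agent
# snmpPADRAO matches queries that present this community string. The string
# is the only credential SNMP has here, so treat it as a secret.
# NOTE(review): a community string that has been posted publicly should be
# replaced with a new one.
acl snmpPADRAO snmp_community jerehome
snmp_port 3401
# Answer only queries that carry the community above AND come from the LAN or
# from the proxy host itself. The previous "snmp_access allow all" never
# referenced snmpPADRAO, so any host that could reach the SNMP port could
# read the agent with any community string.
snmp_access allow snmpPADRAO users
snmp_access allow snmpPADRAO localhost
snmp_access deny all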
# --- Skype: requests whose target is a numeric IPv4 address or a bracketed
# --- IPv6 literal on port 80 / 443, plus requests with a Skype User-Agent
# NOTE(review): the patterns are anchored at the start of the URL, so they
# presumably match only CONNECT-style "host:port" targets and not URLs that
# begin with a scheme such as http:// - confirm.
# NOTE(review): the class [0-9af] lists digits, "a" and "f" only (upper case
# too, because of -i); IPv6 literals containing b-e would not match. It looks
# like a-f was intended - confirm.
acl Skype_80 url_regex -i ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9af]+)?:([0-9af:]+)?:([0-9af]+)?\])):80
acl Skype_443 url_regex -i ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9af]+)?:([0-9af:]+)?:([0-9af]+)?\])):443
# NOTE(review): the User-Agent header is chosen by the client, so this ACL
# identifies what a client claims to be, not what it is.
acl Skype_UA browser ^skype
# --- Trusted sites (disabled)
#acl sites_liberados dstdomain "/var/lib/squidguard/whitelists/sites_liberados/domains"
#http_access allow sites_liberados
# --- Sites that must not be cached (disabled)
#acl SitesNoCache url_regex -i "/var/lib/squidguard/whitelists/sitesnocache/domains"
# --- Blocked sites (disabled)
#acl Bloqueados url_regex -i "/etc/squid/rules/sites_bloqueados"
# --- Generic streaming (disabled)
#acl streaming req_mime_type ^video/x-ms-asf
#http_reply_access deny streaming
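############################
# --- Access control ---
############################
# http_access rules are checked in order and the first rule whose ACLs all
# match decides the request. An "allow" that names only a port or URL ACL
# therefore admits ANY client that can reach the proxy port. Every allow
# below names a source (localhost or users) so that the final "deny all" is
# what unknown clients actually hit.
# --- Default grants for the daemon / localhost
http_access allow localhost
http_access allow manager localhost
http_access deny manager
http_access allow PURGE localhost
http_access deny PURGE
# --- Port guards
# These replace "http_access allow Safe_ports", "allow CONNECT Safe_ports",
# "allow SSL_ports" and "allow CONNECT SSL_ports". Those rules carried no
# source ACL, and Safe_ports covers 80, 443 and 1025-65535, so together they
# made the proxy usable by any host that could connect to it. The port lists
# are now used as denials, which is the usual form.
# LAN clients are admitted earlier in the file by "http_access allow users
# All_ports" and are not affected; if that rule is ever removed, the CONNECT
# guard below starts limiting their tunnels to SSL_ports.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# --- Company sites and sites without authentication (disabled)
#no_cache deny SitesNoCache
#always_direct allow SitesNoCache
#http_access allow all SitesNoCache
# --- Skype, for LAN clients only
# Skype_UA matches a client-supplied header, so it must never grant access
# without a source ACL next to it.
http_access allow users Skype_80
http_access allow users Skype_443
http_access allow users Skype_UA
# --- Squid Guard (disabled; the option dash is written as a plain ASCII "-"
# --- so the line works if it is ever uncommented)
#redirect_program /usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf
# ---
# --- Allow everything else for LAN clients
http_access allow users
#http_access allow NTLM-Auth
# --- Deny every request that no rule above allowed
http_access deny all
# --- Debug: level 1 for all sections, level 2 for section 33
debug_options ALL,1 33,2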